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IN THE CLAIMS: 
Amended claims follow: 

1 . (Currently Amended) A method for managing user attributes in a 
distributed computing system, wherein user attributes determine access rights to a 
computer application: the method comprising: 

modifying an attribute database in order to create modifications , wherein 
the attribute database includes a plurality of possible user attributes and a data 
structure identifying a plurality of users; 

obtaining an identity certificate from a certificate authority; 

associating the identity certificate with a user from the plurality of users 
within the attribute database , thus creating more of the modifications : 

assigning an attribute from the plurality of possible user attributes to the 
user? vvh o roby the user is grant e d access rights based on th e attribut e and - th e 
identity certificat e; 

storing the attribute assigned to the user into the attribute database , thus 
creating more of the modifications ; and 

distributing the modifications to the attribute database to a plurality of 
hosts coupled together by a network; 

wherein the user is granted access rights based on the attribute and the . 
identity certificate . 

2. (Currently Amended) The method of claim 1 , further comprising: 
assigning a second attribute from the plurality of possible user attributes to 

the use r, in addition to said attribute ; and 
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storing the second attribute assigned to the user into the attribute database^ 
thus creating more of the modifications . 

3. (Currently Amended) The method of claim 1, further comprising 
using secure communications ferwhen distributing the_modifications to the 
attribute database to the plurality of hosts. 

4. (Currently Amended) The method of claim 1, further comprising 
signing the attribute database with a cryptographic signature prior to the 
distributing to allow detection of unauthorized changes to the attribute database. 

5. (Currently Amended) The method of claim 1 , wherein a host of the 
plurality of hosts can distribute the modifications to the attribute database to a 
subordinate host in a tree architecture. 

6. (Currently Amended) The method of claim 1, further comprising 
allowing the user to assume any attribute stored into the attribute database that is 
assigned to the use r during the assigning . 

7. (Currently Amended) The method of claim 1, further comprising: 
deleting the attribute assigned to the user from the attribute database , after 

the distributing, thus creating more of the modifications : and 

redistributing the modifications to the attribute database to the plurality of 

hosts. 

8. (Original) The method of claim 1 , wherein modifying the attribute 
database includes creating the attribute database. 
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9. (Currently Amended) A computer-readable storage medium storing 
instructions that when executed by a computer cause the computer to perform a 
method for managing user attributes in a distributed computing system, wherein 
user attributes determine access rights to a computer application: the method 
comprising: 

modifying an attribute database in order to create modifications , wherein 
the attribute database includes a data structure identifying a p lurality of possible 
user attributes and a plurality of users; 

obtaining an identity certificate from a certificate authority; 

associating the identity certificate with a user from the plurality of users 
within the attribute database , thus creating more of the modifications ; 

assigning an attribute from the plurality of possible user attributes to the 
use r, wher e by the user is granted acc e ss rights baaed on tho attribut e and th e 
identity certificat e; 

storing the attribute assigned to the user into the attribute database , thus 
creating more of the modifications ; and 

distributing the modifications to the attribute database to a plurality of 
hosts coupled together by a network; 

wherein the user is granted access rights based on the attribute and the 
identity certificate . 

1 0. (Currently Amended) The computer-readable storage medium of 
claim 9, the method further comprising: 

assigning a second attribute from the plurality of possible user attributes to 
the use r, in addition to said attribute ; and 
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storing the second attribute assigned to the user into the attribute database^ 
thus creating more of the modifications . 

1 1 . (Currently Amended) The computer-readable storage medium of 
claim 9, the method further comprising using secure communications fegwhen 
distributing the modifications to the attribute database to the plurality of hosts. 

12. (Currently Amended) The computer-readable storage medium of 
claim 9, the method further comprising signing the attribute database with a 
cryptographic signature prior to the distributing to allow detection of unauthorized 
changes to the attribute database. 

13. (Currently Amended) The computer-readable storage medium of 
claim 9, wherein a host of the plurality of hosts can distribute the modifications to 
the attribute database to a subordinate host in a tree architecture. 

14. (Currently Amended) The computer-readable storage medium of 
claim 9, the method further comprising allowing the user to assume any attribute 
stored into the attribute database that is assigned to the use r during the assigning . 

15. (Currently Amended) The computer-readable storage medium of 
claim 9 ; the method farther comprising: 

deleting the attribute assigned to the user from the attribute database , after 
the distributing, thus creating more of the modifications : and 

redistributing the modifications to the attribute database to the plurality of 

hosts. 
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1 6. (Original) The computer-readable storage medium of claim 9, 
wherein modifying the attribute database includes creating the attribute database. 

1 7. (Currently Amended) An apparatus that facilitates managing user 
attributes in a distributed computing system, wherein user attributes determine 
access rights to a computer application: the apparatus comprising: 

a modifying mechanism configured to modify an attribute database in 
order to create modifications , wherein the attribute database includes a data 
structure identifying a p lurality of possible user attributes and a plurality of users; 

an identity certificate obtaining mechanism configured to obtain an 
identity certificate from a certificate authority; 

an associating mechanism configured to associated the identity certificate 
with a user from the plurality of users within the attribute database , thus creating 
more of the modifications : 

an assigning mechanism configured to assign an attribute from the 
plurality of possible user attributes to the user , whoroby the user is grant e d access 
right s based on the attribute and th e identity certificate ; 

a storing mechanism configured to store die attribute assigned to the user 
into the attribute database , thus creating more of the modifications : and 

a distributing mechanism that is configured to distribute the modifications 
to the attribute database to a plurality of hosts coupled together by a network; 

wherein the user is granted access rights based on the attribute and the 
identity certificate . 

1 8 . (Currently Am ended) The apparatus of claim 1 7, further 
comprising: 
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the assigning mechanism that is further configured to assign a second 
attribute from the plurality of possible user attributes to the user , in addition to 
said attribute ; and 

the storing mechanism that is further configured to store the second 
attribute assigned to the user inlo the attribute database , thus creating more of the 
modifications . 

1 9. (Currently Amended) The apparatus of claim 17. further 
comprising a secure communications mechanism configured to distribute the 
modifications to the attribute database to the plurality of hosts , during the 
distributing . 

20. (Currently Amended) The apparatus of claim 17, further 
comprising a signing mechanism that is configured to sign the attribute database 
with a cryptographic signature prior to the distributing t o allow detection of 
unauthorized changes to the attribute database. 

21. (Currently Amended) The apparatus of claim 17, wherein the 
communications mechanism associated with a host of the plurality of hosts is 
configured to distribute the modifications to the attribute database to a subordinate 
host in a tree architecture. 

22. (Currently Amended) The apparatus of claim 17, further 
comprising an authorization mechanism that is configured to authorize the user to 
assume any attribute stored into the attribute database that is assigned to the user 
during the assigning . 
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23. (Currently Amended) The apparatus of claim 1 7, further 
comprising: 

a deleting mechanism that is configured to delete the attribute assigned to 
the user from the attribute Hntahase . after the distributing, thus creatine; more of 
the modifications ; and 

a redistributing mechanism that is configured to redistribute the 
modifications to the attribute database to the plurality of hosts. 

24. (Original) The apparatus of claim 1 7, wherein the modifying 
mechanism is further configured to create the attribute database. 
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